search

rweather / arduinolibs

Arduino Cryptography Library
444 stars 212 forks source link

calculated shared secret doesn't match (Diffie-Hellman, Curve25519) #87

Open ThomasBe opened 5 months ago

ThomasBe commented 5 months ago

Taking two pair of keys (public, private) and calculating the shared secret, dh2(alice_public, bob_private) and dh2(bob_public, alice_private), the result (shared secret) is different. But one of them is the right one. Tested with a different implementation in python. Bobs calculated shared secret is the right one.

#include <Crypto.h>
#include <Curve25519.h>
#include <RNG.h>
#include <string.h>

void printNumber(const char *name, const uint8_t *x)
{
    static const char hexchars[] = "0123456789ABCDEF";
    Serial.print(name);
    Serial.print(" = ");
    for (uint8_t posn = 0; posn < 32; ++posn) {
        Serial.print(hexchars[(x[posn] >> 4) & 0x0F]);
        Serial.print(hexchars[x[posn] & 0x0F]);
    }
    Serial.println();
}

void testDH()
{
    static uint8_t alice_k[32] = {
       0xc1,0x74,0xe2,0x76,
       0x82,0x4c,0x1b,0x3d,
       0x43,0xd2,0xc4,0xb5,
       0xf1,0x4d,0xfa,0x88,
       0x6e,0xa0,0x36,0x0c,
       0xcc,0xbd,0x12,0x89,
       0x9d,0xe6,0x8b,0x02,
       0x89,0x90,0x8e,0x31,
    };

    static uint8_t alice_f[32] = {
       0xd1,0x59,0x13,0x54,
       0x05,0x86,0xdd,0x55,
       0xb2,0x5d,0x48,0x6d,
       0xa5,0x24,0xc9,0x38,
       0xa8,0x0e,0x55,0x1f,
       0xd8,0xe7,0x1e,0xce,
       0x6c,0xa0,0xb9,0xc8,
       0xc9,0x55,0x9c,0x6f,
    };

    static uint8_t bob_k[32] = {
          0xfd,0x4f,0x52,0x4e,
          0xf6,0x96,0x34,0x8b,
          0xb7,0x5f,0x14,0x87,
          0x66,0x68,0x88,0xc9,
          0x49,0x1f,0x59,0xed,
          0xd7,0xfa,0xd4,0x7e,
          0xbb,0xf3,0x5b,0x1b,
          0x69,0x79,0x9f,0x1e,
    };
    static uint8_t bob_f[32] = { 
        0x78,0x84,0x25,0x8e,
        0xa5,0x04,0x8f,0x26,
        0x73,0x69,0x10,0xa5,
        0x50,0xad,0x4c,0x31,
        0x0f,0x50,0x04,0x07,
        0x5c,0xd0,0xaf,0x4e,
        0xc3,0x9d,0xc6,0x92,
        0x03,0xcf,0x2f,0xd3,
    };
    Serial.println("Generate shared secret for Alice ... ");
    Curve25519::dh2(bob_k, alice_f);
    for(int i; i < 32; i++ ){
      Serial.print(bob_k [i], HEX);Serial.print(" ");
    }
    Serial.println();

    Serial.println("Generate shared secret for Bob ... ");
    Serial.flush();

    Curve25519::dh2(alice_k, bob_f);
    for(int i; i < 32; i++ ){
      Serial.print(alice_k [i], HEX);Serial.print(" ");
    }
    Serial.println();
    Serial.print("Check that the shared secrets match ... ");
    if (memcmp(alice_k, bob_k, 32) == 0)
        Serial.println("ok");
    else
        Serial.println("failed");
}

void setup()
{
    Serial.begin(9600);

    Serial.println();
    testDH();
    Serial.println();
}

void loop()
{
}

Monitor output:

Generate shared secret for Alice ... 
C1 DE 6A 6B A2 1B B7 8 29 87 E5 5E A8 40 81 F8 65 1E 81 42 4C 71 BE 7 91 78 15 71 47 A2 51 5D 
Generate shared secret for Bob ... 
31 A6 F8 1 8E AE 6 6 12 90 F4 7C A6 89 8F C7 33 C9 31 6 10 79 49 2F 42 4E 2C 72 6F A3 BF 28 
Check that the shared secrets match ... failed